Overview

URL www109.zippyshare.com/d/oc6swaoi/8755/revo.uninstaller.pro.v3.2.1.kuyhaa.me.rar
IP 46.166.139.231
ASN NForce Entertainment B.V.
Location Netherlands
Report completed 2022-06-17 02:22:17 UTC
urlquery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2022-06-17 2 encloseddealing.com/1d/35/84/1d3584ff950f38d5b2e10bc2994be620.js Malware
2022-06-17 2 aphycolourses.info/Tk5NMjc1bD5FaDs8IRANbCY5Rkc9dGIdQDk5fAIOYDQkQkc3PSVTRStg (...) Malware
2022-06-17 2 d24ak3f2b.top/advertisers.js Malware
mnemonic secure dns  No alerts detected
Quad9 DNS
Added / Verified Severity Host Comment
2022-06-16 2 encloseddealing.com Sinkholed
2022-06-16 2 qualitydestructionhouse.com Sinkholed
2022-06-16 2 d24ak3f2b.top Sinkholed
2022-06-16 2 unseenreport.com Sinkholed
2022-06-16 2 unseenreport.com Sinkholed
2022-06-16 2 upsidejolly.com Sinkholed
2022-06-17 2 exchangediscreditmast.com Sinkholed
2022-06-17 2 exchangediscreditmast.com Sinkholed
2022-06-17 2 exchangediscreditmast.com Sinkholed


Files

No files detected



Passive DNS (29)

Passive DNS Source Fully Qualified Domain Name Rank First Seen Last Seen IP Comment
[Mnemonic Passive DNS] aphycolourses.info (1) 121151 No data No data 44.195.137.121
[Mnemonic Passive DNS] www109.zippyshare.com (10) 0 No data No data 46.166.139.231 Domain (zippyshare.com) ranked at: 41031
[Mnemonic Passive DNS] content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-06-16 04:59:38 UTC 54.230.111.64
[Mnemonic Passive DNS] ocsp.sectigo.com (5) 487 2018-12-17 11:31:55 UTC 2022-06-17 00:07:15 UTC 104.18.32.68
[Mnemonic Passive DNS] d10lumateci472.cloudfront.net (2) 0 No data No data 54.230.245.49 Unknown ranking
[Mnemonic Passive DNS] img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-06-16 13:47:28 UTC 34.120.237.76
[Mnemonic Passive DNS] cdn.cloudimagesb.com (1) 23099 2021-02-12 16:15:41 UTC 2022-06-16 18:25:46 UTC 45.133.44.10
[Mnemonic Passive DNS] push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2022-06-16 04:56:12 UTC 54.188.94.105
[Mnemonic Passive DNS] clksite.com (1) 68288 2015-01-01 17:16:10 UTC 2019-11-27 09:37:42 UTC 173.192.101.24
[Mnemonic Passive DNS] unseenreport.com (2) 0 No data No data 192.243.59.12 Unknown ranking
[Mnemonic Passive DNS] upsidejolly.com (1) 0 No data No data 192.243.61.227 Unknown ranking
[Mnemonic Passive DNS] ocsp.pki.goog (3) 175 2017-06-14 07:23:31 UTC 2022-06-16 04:54:14 UTC 142.250.74.3
[Mnemonic Passive DNS] encloseddealing.com (1) 0 No data No data 192.243.61.227 Unknown ranking
[Mnemonic Passive DNS] e1.o.lencr.org (4) 6159 2021-08-20 07:36:30 UTC 2022-06-16 05:19:40 UTC 23.36.77.32
[Mnemonic Passive DNS] ocsp.sca1b.amazontrust.com (1) 1015 No data No data 54.230.245.118
[Mnemonic Passive DNS] ouknatstuffs.xyz (3) 0 No data No data 143.204.55.51 Unknown ranking
[Mnemonic Passive DNS] cdn.adx1.com (1) 10630 2018-05-29 09:13:29 UTC 2022-06-16 22:34:55 UTC 149.6.163.10
[Mnemonic Passive DNS] ds88pc0kw6cvc.cloudfront.net (2) 0 No data No data 54.230.245.35 Unknown ranking
[Mnemonic Passive DNS] qualitydestructionhouse.com (1) 0 No data No data 192.243.59.20 Unknown ranking
[Mnemonic Passive DNS] d24ak3f2b.top (1) 105412 No data No data 142.0.197.108
[Mnemonic Passive DNS] ntualkentined.xyz (3) 0 No data No data 44.195.137.121 Unknown ranking
[Mnemonic Passive DNS] exchangediscreditmast.com (3) 0 No data No data 192.243.59.20 Unknown ranking
[Mnemonic Passive DNS] firefox.settings.services.mozilla.com (2) 867 2016-03-17 08:25:01 UTC 2020-05-25 20:01:47 UTC 54.230.111.7
[Mnemonic Passive DNS] r3.o.lencr.org (17) 344 2020-12-02 08:52:13 UTC 2022-06-16 05:09:03 UTC 23.36.77.32
[Mnemonic Passive DNS] contile.services.mozilla.com (1) 1114 No data No data 34.117.237.239
[Mnemonic Passive DNS] ocsp.digicert.com (1) 86 2012-11-29 12:49:49 UTC 2022-06-16 19:31:14 UTC 93.184.220.29
[Mnemonic Passive DNS] simplewebanalysis.com (1) 0 No data No data 18.194.245.245 Unknown ranking
[Mnemonic Passive DNS] cdn.sb4you1.com (2) 22321 No data No data 172.67.183.56
[Mnemonic Passive DNS] ocsp2.globalsign.com (1) 1544 2012-05-21 07:12:19 UTC 2022-06-16 05:20:58 UTC 151.101.86.133


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 46.166.139.231

Date UQ / IDS / BL URL IP
2022-06-26 16:17:44 +0000 0 - 0 - 4 www110.zippyshare.com/d/tzq4tpu5/7320/l3050ec (...) 46.166.139.231
2022-06-26 16:17:33 +0000 0 - 0 - 3 www110.zippyshare.com/d/tzq4tpu5/8683/l3050ec (...) 46.166.139.231
2022-06-24 08:02:11 +0000 0 - 0 - 8 www110.zippyshare.com/d/tzq4tpu5/17103/l3050e (...) 46.166.139.231
2022-06-24 07:25:56 +0000 0 - 0 - 9 www110.zippyshare.com/d/tzq4tpu5/30517/l3050e (...) 46.166.139.231
2022-06-17 19:40:33 +0000 0 - 0 - 9 https://www110.zippyshare.com/d/2HPetcoH/3583 (...) 46.166.139.231
2022-06-17 02:22:35 +0000 0 - 0 - 4 www109.zippyshare.com/d/oc6swaoi/16487/revo.u (...) 46.166.139.231
2022-06-12 13:32:02 +0000 0 - 0 - 12 https://www110.zippyshare.com/d/YZENOK7Q/1825 (...) 46.166.139.231
2022-06-10 15:53:19 +0000 0 - 0 - 7 www109.zippyshare.com/d/oc6swaoi/37047/revo.u (...) 46.166.139.231
2018-12-15 12:56:12 +0100 0 - 0 - 1 https://www110.zippyshare.com/d/u2mtbtGA/841/ (...) 46.166.139.231
2017-09-05 18:40:13 +0200 0 - 0 - 0 www109.zippyshare.com/v/5BA45I0d/file.html 46.166.139.231

Last 10 reports on ASN: NForce Entertainment B.V.

Date UQ / IDS / BL URL IP
2022-08-11 23:40:43 +0000 0 - 0 - 1 141.98.6.236/1337New/Wjgqesf-OLD-3.exe 141.98.6.236
2022-08-11 23:40:39 +0000 0 - 0 - 1 141.98.6.236/1337/Wjgqesf-OLD-3.exe 141.98.6.236
2022-08-11 23:40:35 +0000 0 - 0 - 1 141.98.6.236/Z2k/Ivnut-Z2K-3.exe 141.98.6.236
2022-08-11 23:40:31 +0000 0 - 0 - 1 141.98.6.236/Z2KNEW/Ivnut-Z2K-3.exe 141.98.6.236
2022-08-11 23:40:23 +0000 0 - 0 - 1 141.98.6.236/1337Traget/Rxvgxnss-1337x-2.exe 141.98.6.236
2022-08-11 23:40:18 +0000 0 - 0 - 1 141.98.6.236/newz2k/Ivnut-Z2K-2.exe 141.98.6.236
2022-08-11 23:40:10 +0000 0 - 0 - 1 141.98.6.236/newz2k/Ivnut-Z2K-3.exe 141.98.6.236
2022-08-11 23:40:06 +0000 0 - 0 - 1 141.98.6.236/limetor/Kgilth-LIME-2.exe 141.98.6.236
2022-08-11 23:40:00 +0000 0 - 0 - 1 141.98.6.236/FreeApps/Dzodhr-FREE-4.exe 141.98.6.236
2022-08-11 23:39:53 +0000 0 - 0 - 1 141.98.6.236/Z2KNEW/Ivnut-Z2K-4.exe 141.98.6.236

No other reports on domain: zippyshare.com



JavaScript

Executed Scripts (17)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (79)


Request Response
                                        
                                            GET /d/oc6swaoi/8755/revo.uninstaller.pro.v3.2.1.kuyhaa.me.rar HTTP/1.1 
Host: www109.zippyshare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         46.166.139.231
HTTP/1.1 302 Found
                                        
Server: nginx
Date: Fri, 17 Jun 2022 02:22:01 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: JSESSIONID=8B4BC29864A237122B41CF1F8F781328; Path=/; HttpOnly
Location: http://www109.zippyshare.com/v/oc6swaoi/file.html

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.7
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 17 Jun 2022 02:17:18 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: wedgLkyobEI-5QWSRX8Cg6DTplVd8Hif06Ny7hDjUOsb7EZKgonNxw==
Age: 283


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    91dd975a7b17b2922dd23c0e49314e40
Sha1:   57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
Sha256: 09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F7449D747B3C17B6AF8E1F057D563EE3B5833BE3C3BB77155DECB7AC5F3CC950"
Last-Modified: Thu, 16 Jun 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9183
Expires: Fri, 17 Jun 2022 04:55:04 GMT
Date: Fri, 17 Jun 2022 02:22:01 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-06-30-19-51-38.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.64
HTTP/2 200 OK
                                        
content-type: binary/octet-stream
content-length: 5348
date: Fri, 17 Jun 2022 02:10:50 GMT
last-modified: Wed, 11 May 2022 19:51:39 GMT
etag: "48ca0beea419a9039591cf1aee5179e0"
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 5qWF2reTIluv3jK8yNuSYElhJQTuHjSwag2DIRWuzTyF6KE7gWsFQQ==
age: 671
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    48ca0beea419a9039591cf1aee5179e0
Sha1:   9e92629f505fcc07aab51221e8fe62197a23e307
Sha256: 630a5f110337b4a4876aa85c21107d9e8f2550bcc60f023a4777d895b17399fd
                                        
                                            GET /v/oc6swaoi/file.html HTTP/1.1 
Host: www109.zippyshare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: JSESSIONID=8B4BC29864A237122B41CF1F8F781328
Upgrade-Insecure-Requests: 1

                                         
                                         46.166.139.231
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Server: nginx
Date: Fri, 17 Jun 2022 02:22:01 GMT
Content-Length: 178
Connection: keep-alive
Location: https://www109.zippyshare.com/v/oc6swaoi/file.html


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   178
Md5:    cd2e0e43980a00fb6a2742d3afd803b8
Sha1:   81ffbd1712afe8cdf138b570c0fc9934742c33c1
Sha256: bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
                                        
                                            POST /gsalphasha2g2 HTTP/1.1 
Host: ocsp2.globalsign.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         151.101.86.133
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Expires: Tue, 21 Jun 2022 01:45:52 GMT
ETag: "917959436ba7c94c845d6a122f4a8633f3e38fd8"
Last-Modified: Fri, 17 Jun 2022 01:45:52 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
Via: 1.1 varnish, 1.1 varnish
Content-Length: 1423
Accept-Ranges: bytes
Date: Fri, 17 Jun 2022 02:22:01 GMT
Age: 2170
Connection: keep-alive
X-Served-By: cache-qpg1250-QPG, cache-bma1641-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 2, 1
X-Timer: S1655432522.665811,VS0,VE1


--- Additional Info ---
Magic:  data
Size:   1423
Md5:    dfd7c8276df70a3dbaa522d93a0e61e0
Sha1:   917959436ba7c94c845d6a122f4a8633f3e38fd8
Sha256: 0ab36fb9d6214ae691a59ba240eb3b893cd74043d5014354138e6644d5d5d6c3
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
                                        
server: nginx
date: Fri, 17 Jun 2022 02:22:01 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v/oc6swaoi/file.html HTTP/1.1 
Host: www109.zippyshare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: zippyadb=0; zippop=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         46.166.139.231
HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
                                        
Server: nginx
Date: Fri, 17 Jun 2022 02:22:01 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: JSESSIONID=235A7B3EB3DCFA0C59957321079F8935; Path=/; HttpOnly
Set-Cookie: zippop=2; Domain=.zippyshare.com; Expires=Fri, 17-Jun-2022 14:22:01 GMT; Path=/
Content-Language: en
Expires: Fri, 17 Jun 2022 02:22:00 GMT
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (41981), with CRLF, CR, LF line terminators
Size:   39520
Md5:    977e6b8011615683f25744225e2e4d21
Sha1:   cb75bb456fd891055671b8851bac19a59c0d8c04
Sha256: 5b161b8fad5f05b3f2b5b233357f8bf5536591fb378bea1c336b687d680d657e
                                        
                                            GET /wro/viewjs-9c29d4e653e865831dc028fdac7e7dfff3be049e.css HTTP/1.1 
Host: www109.zippyshare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www109.zippyshare.com/v/oc6swaoi/file.html
Cookie: zippyadb=0; zippop=2; JSESSIONID=235A7B3EB3DCFA0C59957321079F8935
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         46.166.139.231
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: nginx
Date: Fri, 17 Jun 2022 02:22:01 GMT
Content-Length: 66707
Connection: keep-alive
Cache-Control: public, max-age=259200000
Expires: Tue, 03 Sep 2030 02:22:01 GMT
Accept-Ranges: bytes
ETag: W/"207098-1654675203000"
Last-Modified: Wed, 08 Jun 2022 08:00:03 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload


--- Additional Info ---
Magic:  ASCII text, with very long lines (38971)
Size:   66707
Md5:    7e0e3e48bd85cdf4041d04d6d265622a
Sha1:   06bd818fbba909a62546da78470bc01fd813076e
Sha256: b6f4ece3f288037b58e9803601d45e812775c0140f09d7860574f6c56781ec1c
                                        
                                            GET /ads.js HTTP/1.1 
Host: www109.zippyshare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www109.zippyshare.com/v/oc6swaoi/file.html
Cookie: zippyadb=0; zippop=2; JSESSIONID=235A7B3EB3DCFA0C59957321079F8935
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         46.166.139.231
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Fri, 17 Jun 2022 02:22:02 GMT
Content-Length: 138
Connection: keep-alive
Accept-Ranges: bytes
ETag: W/"157-1654675202000"
Last-Modified: Wed, 08 Jun 2022 08:00:02 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload


--- Additional Info ---
Magic:  ASCII text
Size:   138
Md5:    80ce0db0d04307c0a7e7bfbe492e329d
Sha1:   f8efbdda6799a957baa59e907d466dbc3fd7be90
Sha256: da32bd619e9f9cf48c390020230b751333e2a402fce01635102f340a39f88113
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 17 Jun 2022 02:22:02 GMT
Cache-Control: public, max-age=18000
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /sw.js HTTP/1.1 
Host: www109.zippyshare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www109.zippyshare.com/v/oc6swaoi/file.html
Cookie: zippyadb=0; zippop=2; JSESSIONID=235A7B3EB3DCFA0C59957321079F8935
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         46.166.139.231
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Fri, 17 Jun 2022 02:22:02 GMT
Content-Length: 36755
Connection: keep-alive
Accept-Ranges: bytes
ETag: W/"95651-1654675203000"
Last-Modified: Wed, 08 Jun 2022 08:00:03 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   36755
Md5:    9f3eb972e27d96787df56867ba104e59
Sha1:   e266af1162c320a8366da4487c3698c0db0ca354
Sha256: 5750d3ef81845bcf96250e0b2e66d4b21aec5ed0144822ca14a9491f70392ae3
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 17 Jun 2022 02:22:02 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 13 Jun 2022 17:03:54 GMT
Expires: Mon, 20 Jun 2022 17:03:54 GMT
ETag: 42E49720D1717DF75F394E11A2D577D4F29E1B78
Cache-Control: max-age=311511,s-maxage=1800,public,no-transform,must-revalidate
X-OCSP-Responder-ID: mcdpcaocsp16
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 71c850aefc8ab500-OSL

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 17 Jun 2022 02:22:02 GMT
Cache-Control: public, max-age=18000
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /wro/viewjs-5c4b087e763baf82dfed5e75dc71d50f709ecb00.js HTTP/1.1 
Host: www109.zippyshare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www109.zippyshare.com/v/oc6swaoi/file.html
Cookie: zippyadb=0; zippop=2; JSESSIONID=235A7B3EB3DCFA0C59957321079F8935
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         46.166.139.231
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Fri, 17 Jun 2022 02:22:02 GMT
Content-Length: 147861
Connection: keep-alive
Cache-Control: public, max-age=259200000
Expires: Tue, 03 Sep 2030 02:22:02 GMT
Accept-Ranges: bytes
ETag: W/"478725-1654675203000"
Last-Modified: Wed, 08 Jun 2022 08:00:03 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload


--- Additional Info ---
Magic:  ASCII text, with very long lines (65535)
Size:   147861
Md5:    1dd393cf506e088f2a0b45a37beabda7
Sha1:   384796f00e05bce54b4bcae1f2dd4e5d0c5c478a
Sha256: c9420067db3629caab61a3e5983ef9b303d24913f01c2a3307ee0e392cc87616
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 17 Jun 2022 02:22:02 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 13 Jun 2022 17:03:54 GMT
Expires: Mon, 20 Jun 2022 17:03:54 GMT
ETag: 42E49720D1717DF75F394E11A2D577D4F29E1B78
Cache-Control: max-age=311511,s-maxage=1800,public,no-transform,must-revalidate
X-OCSP-Responder-ID: mcdpcaocsp5
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 71c850af6cddb500-OSL

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 17 Jun 2022 02:22:02 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 13 Jun 2022 17:03:54 GMT
Expires: Mon, 20 Jun 2022 17:03:54 GMT
ETag: 42E49720D1717DF75F394E11A2D577D4F29E1B78
Cache-Control: max-age=311511,s-maxage=1800,public,no-transform,must-revalidate
X-OCSP-Responder-ID: mcdpcaocsp7
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 71c850af6f4d0afa-OSL

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 17 Jun 2022 02:22:02 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 13 Jun 2022 17:03:54 GMT
Expires: Mon, 20 Jun 2022 17:03:54 GMT
ETag: 42E49720D1717DF75F394E11A2D577D4F29E1B78
Cache-Control: max-age=311511,s-maxage=1800,public,no-transform,must-revalidate
X-OCSP-Responder-ID: mcdpcaocsp13
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 71c850af6843b515-OSL

                                        
                                            GET /?kcpsd=843055 HTTP/1.1 
Host: ds88pc0kw6cvc.cloudfront.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www109.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.245.35
HTTP/2 200 OK
                                        
content-length: 49644
date: Fri, 17 Jun 2022 02:22:02 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 8WPaeIEZbBF1_INClf0giCjyY7ztJqlSxocQVjupHt-Q8MHUE859xA==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (15952)
Size:   49644
Md5:    146f01d6b6a6fcce21324cd54be55007
Sha1:   4aa20dd2b5e6d9db7ac1c1ad1666e4afe8acb537
Sha256: 5221d866c8a32c028cc5150e0adcb14d5ae0852f5f8edffda02aec1b70a9de39
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D907A16BC673C06CD08BCB8F2E44E51A39EACAAAAAA963CEE7609627ABAC690C"
Last-Modified: Thu, 16 Jun 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4349
Expires: Fri, 17 Jun 2022 03:34:31 GMT
Date: Fri, 17 Jun 2022 02:22:02 GMT
Connection: keep-alive

                                        
                                            GET /?amuld=726474 HTTP/1.1 
Host: d10lumateci472.cloudfront.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www109.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.245.49
HTTP/2 200 OK
                                        
content-length: 36012
date: Fri, 17 Jun 2022 02:22:02 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: FXDoJVdE-c5GaqtphOuH-kGXZhCE6qlBsWh4w_4OG9Emb0xbynip-A==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (15478)
Size:   36012
Md5:    a44b314b9324295b9b5460721c9436eb
Sha1:   4e32385c441e71dc25b6cc4ed94b58183dbcb41d
Sha256: 18a80ce44105c61d59508ca445ca9d53c0772e4338a91e6ab459e7fd9825daff
                                        
                                            GET /images/favicon2.ico HTTP/1.1 
Host: www109.zippyshare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www109.zippyshare.com/v/oc6swaoi/file.html
Cookie: zippyadb=0; zippop=2; JSESSIONID=235A7B3EB3DCFA0C59957321079F8935
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
46.166.139.231
HTTP/1.1 200 OK
Content-Type: image/gif
Server: nginx
Date: Fri, 17 Jun 2022 02:22:02 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: public, max-age=25920000
Expires: Thu, 13 Apr 2023 02:22:02 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

                                        
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
54.230.111.7
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Pragma, Expires, Content-Length, Retry-After, Last-Modified, ETag, Backoff, Cache-Control, Alert, Content-Type
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Fri, 17 Jun 2022 01:49:19 GMT
Expires: Fri, 17 Jun 2022 02:23:44 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: iAeJL3AqrIg0CA0DIgGXd0CuO4rhhBGDiHvs37Jx9fe3Wuy8FjICPw==
Age: 1963


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
GET /1d/35/84/1d3584ff950f38d5b2e10bc2994be620.js HTTP/1.1
Host: encloseddealing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www109.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
192.243.61.227
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx/1.22.0
Date: Fri, 17 Jun 2022 02:22:02 GMT
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2208b5968f937e354faaf868dbf21455
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (53783), with no line terminators
Size:   17189
Md5:    9192a1caced4a1525b50710d8da3e32f
Sha1:   9ea488d8463d525633c670137a8738102865d8c7
Sha256: 69a4759621efd2a75dfb6ce310716c0ecdc07513bf58e2efb24c0cb59f64a59b

Alerts:
  Blocklists:
    - fortinet: Malware
    - quad9: Sinkholed
                                        
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 345
ETag: "58FFEB58A16EC3D4B35AA1BDDC918A730A7E69CBB333892738500748F1947E65"
Last-Modified: Tue, 14 Jun 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5782
Expires: Fri, 17 Jun 2022 03:58:24 GMT
Date: Fri, 17 Jun 2022 02:22:02 GMT
Connection: keep-alive

                                        
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "9F6C3E8E5B8A8F9F8B61624C77F660212DD97AB17E76E374EFF8D86A988F458D"
Last-Modified: Wed, 15 Jun 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8723
Expires: Fri, 17 Jun 2022 04:47:25 GMT
Date: Fri, 17 Jun 2022 02:22:02 GMT
Connection: keep-alive

                                        
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 3528
Cache-Control: max-age=110647
Date: Fri, 17 Jun 2022 02:22:02 GMT
Etag: "62aae4b9-1d7"
Expires: Sat, 18 Jun 2022 09:06:09 GMT
Last-Modified: Thu, 16 Jun 2022 08:07:21 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471

                                        
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Jun 2022 02:22:03 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 16 Jun 2022 23:32:35 GMT
Expires: Thu, 23 Jun 2022 23:32:35 GMT
ETag: 8C14D14D208220A9797E8F63A679C75140C9E8A9
Cache-Control: max-age=594031,s-maxage=1800,public,no-transform,must-revalidate
X-OCSP-Responder-ID: mcdpcaocsp14
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 71c850b5595cb500-OSL

                                        
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "8EB6CF7DCEC5CE367DAEE9BA2BE473521AA28F0DAD09B4207BB512055F9EE6B4"
Last-Modified: Tue, 14 Jun 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7684
Expires: Fri, 17 Jun 2022 04:30:07 GMT
Date: Fri, 17 Jun 2022 02:22:03 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   538
Md5:    7052b7b3bebdd8914ebad14239afe4bb
Sha1:   7563d2b63ca567461410f6256869f41fe16cdda5
Sha256: dceea5fc5807e3d61097931cfbedca771419c1425ffc0d0b5e52d6fcc655dca9
                                        
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: CQRL1nPH4Q3/qYLeTpFscQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
54.188.94.105
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: DtbkV9O05nFLclJhx8BH4akriAc=

                                        
GET /sw.js?UmkzZDcJSwRWBmRaBEYbcEsfRgJhXFBXD2RRHgICN1oeUAI3UB4FBGANHlcBYVkABgJlWVcBVnBFEVEHMVEGVw4xRAVXU2BEB10OZURRVwNlRAtVATReBAUFYwwLARV%2BS0ATFX5LXRBCMwVYAVkmAF0BU3wRSh4VfksCVBlnSx8CVj4aVkhRMwVAARs0CF8XUg8 HTTP/1.1
Host: www109.zippyshare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: zippyadb=0; zippop=2; JSESSIONID=235A7B3EB3DCFA0C59957321079F8935
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                         
46.166.139.231
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx
Date: Fri, 17 Jun 2022 02:22:03 GMT
Content-Length: 36755
Connection: keep-alive
Accept-Ranges: bytes
ETag: W/"95651-1654675203000"
Last-Modified: Wed, 08 Jun 2022 08:00:03 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   36755
Md5:    9f3eb972e27d96787df56867ba104e59
Sha1:   e266af1162c320a8366da4487c3698c0db0ca354
Sha256: 5750d3ef81845bcf96250e0b2e66d4b21aec5ed0144822ca14a9491f70392ae3
                                        
GET /Tk5NMjc1bD5FaDs8IRANbCY5Rkc9dGIdQDk5fAIOYDQkQkc3PSVTRStgLl1aYT06HF09bGEQRCMobwgGYmw5U1ARJykQDWx5fwMBfXlvHhU9Oy9tXip8bwgVe314UQR2eHUfUXsrfh8Deyt0H1Z9fCkfBHh9fQFVe3l9VlIvbDA HTTP/1.1
Host: aphycolourses.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www109.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
44.195.137.121
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
set-cookie: e2657aedcd622bee89a27822460157b9=1; Max-Age=604800
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
etag: W/"e102-DNqO3eV8WmmZOUEK42Ky7ZtizWk"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (57602), with no line terminators
Size:   22904
Md5:    b28c98c5dd12bcec8bbb9cd246dbc0e9
Sha1:   8c83ca353406f4a7e8f6212155e8951fb2a75750
Sha256: 1a33b4ff4eefccc33a93dd9695ca1fabca89e8b709e6d2d8a5cc6e03633f94a4

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "33F4FE102E65CFA11636E44A1BBFBE27F4BFF985B9580C86B64C05664CD0E2CE"
Last-Modified: Wed, 15 Jun 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5607
Expires: Fri, 17 Jun 2022 03:55:30 GMT
Date: Fri, 17 Jun 2022 02:22:03 GMT
Connection: keep-alive

                                        
GET /ca/66/21/ca6621f64bcdfd0a5aa2af7c57675832.js HTTP/1.1
Host: qualitydestructionhouse.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www109.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
192.243.59.20
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx/1.17.9
Date: Fri, 17 Jun 2022 02:22:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9f202782eb66b366ff93dd4cc455c05c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (33841), with no line terminators
Size:   11420
Md5:    df35264798a190956a8f27ffca25c05d
Sha1:   a61e20fd103da2ba6dd5fb02af6f1643b8d200ef
Sha256: 6434e359f35dc90e2554e9e0d31cb01ecd81977b47a90d623bd191e3e6b26dbe

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "B8C90B0CB9EF6F9CEF0676812AD12B43E952222727B4472A4230BE8FAAB64016"
Last-Modified: Wed, 15 Jun 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10329
Expires: Fri, 17 Jun 2022 05:14:12 GMT
Date: Fri, 17 Jun 2022 02:22:03 GMT
Connection: keep-alive

                                        
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
54.230.245.118
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=126392
Date: Fri, 17 Jun 2022 02:22:03 GMT
Etag: "62ab22c5-1d7"
Expires: Sat, 18 Jun 2022 13:28:35 GMT
Last-Modified: Thu, 16 Jun 2022 12:32:05 GMT
Server: ECS (nyb/1D0E)
X-Cache: Miss from cloudfront
Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: _McMAMqW4V6ZxHPa3yC7Ff90Hred_aX42CJKKyUdHZgwTczs1eQ2xg==
Age: 3390

                                        
GET /advertisers.js HTTP/1.1
Host: d24ak3f2b.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www109.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
142.0.197.108
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx/1.17.6
Date: Fri, 17 Jun 2022 02:22:03 GMT
Content-Length: 0
Connection: keep-alive


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Malware
    - quad9: Sinkholed
                                        
POST / HTTP/1.1
Host: ntualkentined.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 391
Origin: https://www109.zippyshare.com
Connection: keep-alive
Referer: https://www109.zippyshare.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
44.195.137.121
HTTP/2 200 OK
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2

                                        
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www109.zippyshare.com
Connection: keep-alive
Referer: https://www109.zippyshare.com/
Cookie: uid_id2=2e0820cc-06b2-4b1c-8098-a8c60626a055:1:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
18.194.245.245
HTTP/2 200 OK
date: Fri, 17 Jun 2022 02:22:03 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://www109.zippyshare.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   40
Md5:    dad0d9b2a58c7954490217a3389fbd0d
Sha1:   e82f607e25c5e8faa057909f63be0a0970944b4c
Sha256: 04042665a5e0f5b4c763806bba29451f82058e574d2afd7cc7ab01f12df683d1
                                        
GET /images/favicon.ico HTTP/1.1
Host: www109.zippyshare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www109.zippyshare.com/v/oc6swaoi/file.html
Cookie: zippyadb=0; zippop=2; JSESSIONID=235A7B3EB3DCFA0C59957321079F8935; ppu_main_1d3584ff950f38d5b2e10bc2994be620=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=2e0820cc-06b2-4b1c-8098-a8c60626a055%3A1%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
46.166.139.231
HTTP/1.1 200 OK
Content-Type: image/x-icon
Server: nginx
Date: Fri, 17 Jun 2022 02:22:03 GMT
Content-Length: 3611
Connection: keep-alive
Cache-Control: public, max-age=25920000
Expires: Thu, 13 Apr 2023 02:22:03 GMT
Accept-Ranges: bytes
ETag: W/"3611-1427651017000"
Last-Modified: Sun, 29 Mar 2015 17:43:37 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload


--- Additional Info ---
Magic:  PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size:   3611
Md5:    b3bf18448d2e26f529500cb013975564
Sha1:   1b9d2cecad0cf85d336a24a0ccaa610c39a49f6a
Sha256: 968e719e5fbc1706a6db025adc28931e64fcf76c3ae80fa4ab6ff40b53b36b20
                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Jun 2022 02:22:03 GMT
Cache-Control: public, max-age=18000
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
GET /static/advertisement.js HTTP/1.1
Host: clksite.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www109.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
173.192.101.24
HTTP/2 200 OK
server: nginx
date: Fri, 17 Jun 2022 02:22:03 GMT
content-type: application/javascript
last-modified: Mon, 12 Jun 2017 13:33:59 GMT
vary: Accept-Encoding
etag: W/"593e9847-1b"
expires: Sun, 19 Jun 2022 02:22:03 GMT
cache-control: max-age=172800
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   47
Md5:    cfb58fc3f7304134f8977403cce0eafc
Sha1:   bd00f4e4832d453f9cbeec800e2343bdcac47b47
Sha256: 8f75df11f7c72a7e85066daa46020a80b5a15a56e5aa19eb8687dd91168e58ba
                                        
GET /utx?cb=V8mY7EGX3u8D&top=www109.zippyshare.com&tid=843055 HTTP/1.1
Host: ouknatstuffs.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www109.zippyshare.com
Connection: keep-alive
Referer: https://www109.zippyshare.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
143.204.55.51
HTTP/2 204 No Content
date: Fri, 17 Jun 2022 02:22:03 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www109.zippyshare.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Fri, 17 Jun 2022 02:23:03 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 c9f2a4d2bcd548d1a3cbe1617a22f216.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Cy0Q98N7WbA8ta8SG-xLhMzYgeslYjqlXTgfC7-IPDRQWv4VptktNQ==
X-Firefox-Spdy: h2

                                        
GET /XOXJPZWdaHSEDWE0bK1hfDUF/UFIfGDwKCUlPHD8MThogLDBLASQqL1hUOx8DBEJpCQZXFXJDAlcRclRBWBYtWFcfBj8KDAQHIQECXxshAAMfBy5YClYIJgkLWFd9I1IXQmpXVxEKflRCCjBqV1dVGyEQHxxAfx1fDy15UUIKMGpXV0sEalYmAERhVU4cQH-8CAloZIEBVf0B/VFcJQ39UQgtCKQwVXBQgHUILNHZTSQlUOlhW HTTP/1.1
Host: ds88pc0kw6cvc.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www109.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
54.230.245.35
HTTP/2 200 OK
content-length: 359
date: Fri, 17 Jun 2022 02:22:03 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: b58G_BKpWRCEbEQskrw5RhSN1JA4PQaplyVUgVAlq32uRRdDglG-xg==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (446), with no line terminators
Size:   359
Md5:    9ca8c21349f1526c79f1fa247da7394f
Sha1:   6a3530313599e1b81a8621b878bd868b3aeec070
Sha256: 9f787f0956438f5457059b7a989be2d2c70cdd12bbc87dbdb50f2f25a0a32262
                                        
GET /multi?cs=ZGhlbnFWWlFXRlFbUV1CV1BXXkM&abt=0&red=1&sm=76&k=zippyshare&v=1.0.58.2&sts=0&prn=0&emb=0&tid=726474&fs=1&ref=https%3A%2F%2Fwww109.zippyshare.com%2Fv%2Foc6swaoi%2Ffile.html&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&_0YiQ=1655432519760&crc=1 HTTP/1.1
Host: ouknatstuffs.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www109.zippyshare.com
Connection: keep-alive
Referer: https://www109.zippyshare.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
143.204.55.51
HTTP/2 200 OK
content-type: text/plain
content-length: 1470
date: Fri, 17 Jun 2022 02:22:03 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www109.zippyshare.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=aa8a9f27-0b56-47bd-a17c-2b3e9b2d26b4
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 c9f2a4d2bcd548d1a3cbe1617a22f216.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 7MUvB8--cx-kKTB8q7_g9G5u0v_jJqA0kfTtc8erOxlrE4-lb1X0Cg==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (3039), with no line terminators
Size:   1470
Md5:    d80d528b88910420371ad46aaf6851ac
Sha1:   6b6986a3819cbc031542b85b317fc1e968aaf222
Sha256: 4a0f804892c3cd6b0933e1af52c49bd6a3e8f48cf490710d8fc39bcb4b75f956
                                        
GET /3RVlrVTEmNgUzDjEwD2gGd29fYgVjMxg6XzVkBCRcHQEsMn8kMgExFzEjD2gBYzUKO1Z4fw47UnhoTTRVJ2Rbc0U1NgBoWDArGzZaLSgfPBcwOFY4Xj8wBzlQYGstYB91fFllGT1oWnACB3xZZV0sNx4tFHdpE20HGm9fcAIHfFllQzN8WBQIc3dbfBR3aQ-wwUi42Tmd3d2laZQF0aVpwA3U/AidUIzYTcAMDYF17AWMsVmQ HTTP/1.1
Host: d10lumateci472.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www109.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
54.230.245.49
HTTP/2 200 OK
content-length: 453
date: Fri, 17 Jun 2022 02:22:03 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: MsB1OQgha8M3pBVrPNAD2Ly13HXUy3FFhak7Z02Lpb6kR-m_KgS3cg==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   14749
Md5:    098aa6669d8fe1b0265f9bdd6e4f6c90
Sha1:   374e891e58315b45124ae8389581e59666200b79
Sha256: 33be8ef379aeab54cd0db26440134f9a6537ba408911d2a697719344f1c93aca
                                        
GET /eHVjS3YjV1R5R05GVGlaWldPaUNLQAB4Tk5NTi1DHUZOf0MdTE4qRUoRTnhAS0VQKUNPRQcuF1pZQX5GG01WeE8bWFV4EkpYV3JPT1gBeEJPWFt6QB5CVCpESRBbLlRUVxA8VFRXDT8DGRkILhgMHA0uElYNGjFUVFdSe1hNV08tFxQGBmcQGRkQLloeFA84EyU HTTP/1.1
Host: ntualkentined.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www109.zippyshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                         
44.195.137.121
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
set-cookie: 90851ccb7e1e2f6c18f103bb8b7a2299=1; Max-Age=604800
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
cache-control: public, max-age=86400
etag: W/"8447-ByAzlxaWfYJ0B43yFXo5i6EtUxc"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (33863), with no line terminators
Size:   13201
Md5:    e86f7d58bb2edcc0a40a0c67b5afde16
Sha1:   133566900e5758e6fa25996564c0cc0042fe2516
Sha256: b0d7cf2cf69b5a8f0b9d5bfcfd7a030b8cd33e6ad4bee6e410dc50db79c51184
                                        
                                            GET /floater?cs=WEwwYmxtdAdQWWp9AFJYbnUBVlU&abt=0&red=1&sm=83&k=zippyshare&v=0.8.8.2&sts=0&prn=0&emb=0&tid=843055&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fwww109.zippyshare.com%2Fv%2Foc6swaoi%2Ffile.html&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&aa=td1_oi1_&_cCSu=1655432519751&crc=1 HTTP/1.1 
Host: ouknatstuffs.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www109.zippyshare.com
Connection: keep-alive
Referer: https://www109.zippyshare.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         143.204.55.51
HTTP/2 200 OK
                                        
content-type: text/plain
content-length: 3657
date: Fri, 17 Jun 2022 02:22:04 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www109.zippyshare.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=a67189c6-8082-4cda-90df-4c087a408b06
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 c9f2a4d2bcd548d1a3cbe1617a22f216.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: AWws0wp7-AsE7tJrO-8HMmWt9X87DpCbTk16OUjbjKkwfb6rQmq3NQ==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (5399), with no line terminators
Size:   3657
Md5:    a81c7f4fa2bf5fbad0a0a239591428e7
Sha1:   caf797104e5e15b118d38bc376f725bf4a222fca
Sha256: 23b9a44303921f7f95b64c98c8a42a041e07bd29bc736e9fa519d5d88c47242e
                                        
                                            POST / HTTP/1.1 
Host: ntualkentined.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www109.zippyshare.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://www109.zippyshare.com
Content-Length: 353
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         44.195.137.121
HTTP/2 200 OK
                                        
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "9EED52637B43F1CD0922351B938D09762EE7514788134B9B78B29EEA8B5F1D4E"
Last-Modified: Tue, 14 Jun 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7244
Expires: Fri, 17 Jun 2022 04:22:48 GMT
Date: Fri, 17 Jun 2022 02:22:04 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EB5C47750CC94CF64FD493FB2AFBECF9465339D271763D045556E55840F067C3"
Last-Modified: Thu, 16 Jun 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2789
Expires: Fri, 17 Jun 2022 03:08:33 GMT
Date: Fri, 17 Jun 2022 02:22:04 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29fd0e61-77f8-48fb-b6e8-41ba5e8f7695.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 5935
x-amzn-requestid: cb34f3b6-5849-47d9-b35f-5a3a4de4adfa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Tf3aUE7HoAMFoEQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62a305db-688c81aa2fcc45842b523a6f;Sampled=0
x-amzn-remapped-date: Fri, 10 Jun 2022 08:50:35 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: P-6X1HJpHhNDlv-gYE_tCYERaJ3qJUrSW4mP5aul7v-dG1AkYBr0QA==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 5397b304713f6301c7c94ac084b6ed08.cloudfront.net (CloudFront), 1.1 google
date: Fri, 17 Jun 2022 00:17:16 GMT
age: 7488
etag: "366268d3af2b72d8b455632eb478b735b35c96e6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5935
Md5:    233feac8a9307c97ff7a8c08d68fa5ba
Sha1:   366268d3af2b72d8b455632eb478b735b35c96e6
Sha256: 6be1494080114fa4fe418e983d404ab4141ece76502cbe4e17bfa660f18054e8
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Facc2579a-4dc1-44c2-8c91-85192f952284.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 6619
x-amzn-requestid: 470edb78-c474-4199-b246-b5f3035cfe75
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Tr2aPEwgIAMFegQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62a7d10e-4ca5f03b09ffaa20052ad232;Sampled=0
x-amzn-remapped-date: Tue, 14 Jun 2022 00:06:38 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: lknBIWKZzR1XlAjF-MLtGpKI8FkznAWYrEnbhMPwANmG7PSG0orMQg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 16 Jun 2022 13:21:04 GMT
age: 46860
etag: "82e19b95c27b5ce6213e68d2dd24cb6639476d40"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6619
Md5:    34dc805e546491654e8a39ebb0662c58
Sha1:   82e19b95c27b5ce6213e68d2dd24cb6639476d40
Sha256: cb2b2d1031adb1ca257c3bdeb6c5038bdc9e023c673a902654ee30c08f382649
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F569ef1f6-d7cf-494e-885f-cc306c9de771.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 4535
x-amzn-requestid: fce3d6ab-3e9a-4ca4-8a50-ca95bfa27316
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: TwmmhF2gIAMFt7g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62a9b7c3-656591e63d86f9f06644138c;Sampled=0
x-amzn-remapped-date: Wed, 15 Jun 2022 10:43:15 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: kOmu6Ddmkp3FnSzemRBGAM35oo-LhFw25y-V1bxLqtjNlv4VmzJ3Cw==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Thu, 16 Jun 2022 16:44:57 GMT
age: 34627
etag: "7089273217b7c44c31c77b12851facc431a067b1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4535
Md5:    cc15854f1d26e10cea5182fbc985bfcb
Sha1:   7089273217b7c44c31c77b12851facc431a067b1
Sha256: b7b43cb99e088cbda69fbd1682998c87b5a532f19d442ad2fffe43ad71dbd44a
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0cac665e-75f1-407f-8cbb-7fa9a19b43ad.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 9782
x-amzn-requestid: af26ce62-04f6-441f-a3fc-df1e2bf0fbc2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Tr3TUEHLoAMFuBA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62a7d27b-7641304c18789aeb3862b475;Sampled=0
x-amzn-remapped-date: Tue, 14 Jun 2022 00:12:43 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Ki60qZw3y1q0_sHAu98g5VafTRX8cKSXvIomBcpuVovrrNOy0082PA==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Thu, 16 Jun 2022 04:19:17 GMT
age: 79367
etag: "0c7c6e922ae0b9c14cb1f4a2c9cd5ed75ebe59d1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9782
Md5:    2982dbc340bfaa4525531bf12a36dcd3
Sha1:   0c7c6e922ae0b9c14cb1f4a2c9cd5ed75ebe59d1
Sha256: 8752a702a7dcfd84ff75055c1683c66cc408e46da68b76b403816947780982a5
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87747c23-6a13-44ba-b13a-d807591b716b.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 3782
x-amzn-requestid: 3e8fdc68-ed76-4415-9121-8789b2f54ef0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Tr3TqGBcoAMFhYw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62a7d27d-1ac8a82e64be69e36d0df7c3;Sampled=0
x-amzn-remapped-date: Tue, 14 Jun 2022 00:12:45 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: fH8tpt2C8qegddJ0CX4zAI367g5SlBlZy1Iur3zhPB3OWNAz0mOfVg==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 16 Jun 2022 20:21:40 GMT
age: 21624
etag: "a961c1dab9a2c83a586c965c2eeece5f6b644a25"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   3782
Md5:    272f6d6faafe3e7914b81cb6f74ed30e
Sha1:   a961c1dab9a2c83a586c965c2eeece5f6b644a25
Sha256: eca710a7048f6846d89122395c7820ffca270290e80724a2d1e4ea9e277840ce
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F654ba3d7-ea96-4aca-957b-41fe76850d93.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 13183
x-amzn-requestid: 8a98a7c9-70ba-4266-a498-c5e82e85a242
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Tr3DsEdZoAMFlkQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62a7d217-30b8d02d489dc66b3c0b8f96;Sampled=0
x-amzn-remapped-date: Tue, 14 Jun 2022 00:11:03 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: hxxrmWE23s1dp-oRNAhaPU8BekA5lp0YnJ2smesk2TADN2DSwhF-BQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Thu, 16 Jun 2022 13:21:04 GMT
age: 46860
etag: "88469237b6fcd0dca36d937465fb36ea9308c4aa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   13183
Md5:    90cc5d5a9e9030664444a47de3dbd4f5
Sha1:   88469237b6fcd0dca36d937465fb36ea9308c4aa
Sha256: 1f43fb9a1576a27fc50de9569567fc6eb93ea634f002b16595091e6d80397883
                                        
                                            GET /pxf.gif?uuid=2e0820cc-06b2-4b1c-8098-a8c60626a055&eb=f2971074fea048c017123c068028f7b0&te=b8a4e026d9f6325fba5277f9c4602d23&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=12.31&b_frame=0&pk=1d3584ff950f38d5b2e10bc2994be620&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=2 HTTP/1.1 
Host: unseenreport.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www109.zippyshare.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.243.59.12
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.17.6
Date: Fri, 17 Jun 2022 02:22:04 GMT
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6c005ec97ac15c39c391ab8d4a2618f9
Strict-Transport-Security: max-age=0; includeSubdomains


--- Additional Info ---
Magic:  very short file (no magic)
Size:   1
Md5:    93b885adfe0da089cdf634904fd59f71
Sha1:   5ba93c9db0cff93f52b521d7420e43f6eda2784f
Sha256: 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /pxf.gif?uuid=2e0820cc-06b2-4b1c-8098-a8c60626a055&eb=f2971074fea048c017123c068028f7b0&te=b8a4e026d9f6325fba5277f9c4602d23&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=12.31&b_frame=0&pk=ca6621f64bcdfd0a5aa2af7c57675832&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=2 HTTP/1.1 
Host: unseenreport.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www109.zippyshare.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.243.59.12
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.17.6
Date: Fri, 17 Jun 2022 02:22:04 GMT
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9320c04191f950e2e806d6fa3f1c546d
Strict-Transport-Security: max-age=0; includeSubdomains


--- Additional Info ---
Magic:  very short file (no magic)
Size:   1
Md5:    93b885adfe0da089cdf634904fd59f71
Sha1:   5ba93c9db0cff93f52b521d7420e43f6eda2784f
Sha256: 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "9E72950F801110AB6463A4C495F7664F1EB662D401B19CAFDD359228A4E3962F"
Last-Modified: Thu, 16 Jun 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2887
Expires: Fri, 17 Jun 2022 03:10:13 GMT
Date: Fri, 17 Jun 2022 02:22:06 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "18676A0496BB91F7FD62178A4CF6D532B7CC6B505C8D683194E2D7B20BBE3061"
Last-Modified: Wed, 15 Jun 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6220
Expires: Fri, 17 Jun 2022 04:05:46 GMT
Date: Fri, 17 Jun 2022 02:22:06 GMT
Connection: keep-alive

                                        
                                            GET /77a941318190d582be7b985fcc29e050.jpeg HTTP/1.1 
Host: cdn.adx1.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         149.6.163.10
HTTP/2 200 OK
                                        
server: openresty/1.15.8.3
date: Fri, 17 Jun 2022 02:22:06 GMT
content-type: image/jpeg
content-length: 18985
last-modified: Sat, 11 Jun 2022 11:20:12 GMT
etag: "62a47a6c-4a29"
expires: Thu, 30 Jun 2022 14:00:27 GMT
cache-control: max-age=1209600
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Size:   18985
Md5:    e309b42dd49a8a9bb46779ebfaaac5d4
Sha1:   3df58426beaf5a04974cef19b40446405b4d944b
Sha256: 8a233b74b4776ccec44cba9f6e6742561770f03f2b1ff5cfee0ea06cb6aa72f9
                                        
                                            GET /winnotice?sid=H4sIAAAAAAAC%2F1RTz2skRRSu0VwWT8qKgiLjQVCQSff87DGHaIyRYNysu4qelOqq6uRturuaqq7pSU5BUTzJoDdPnS%2FZBHVx9ebFVToLHgJC5hbQ%2FAMKisKCN5kxJuyD4r163zt8r76vPtpxp6wBx08WX9dbFMd8ttPw6s%2B%2B4%2Ftz9RVK3bA%2BDLrvddtzdTN4od9teM%2FVX1ViQ882Pd%2FzfM%2BvL5FRkR7OTkBQdqvvN%2Fpeo91s%2BJ02hqaEdTVYXoMcnLJHQHI8c7d2GSQqpMk3i8pu5Dp7%2FpXExTzXBgN58Fa6keoiRXJRRqaGKD04m4a2x0t3oNObU4rQg%2FPBkMas9tMdhOnBGTGEg70ptzCGShHKh1AMKqi4AvEKQn8AkscMEBJXVpEm%2B1e0KfjmfyifoGM2c%2B9vUDFmM79eRpp8vRDTsH5dxy4nnVoMoxI0rEBrFTJ3iHyLgYpDiPx9kPyZzd5bQZrsrdpYg2Q53Z2oAkUVYjUCtwxucojBRTW4rIZEntSF7%2Fs9TwruBX0hWrKnwq70fN6LfO573QBOTOiNkGcjiHgEYbaRmW1s0AjGfQKyFRwvQVmJzO4H7ZbX6UCJo%2Fl%2Ffvvwqe%2Fe%2BB2cTurNlooU7%2FSbrXarqXjERbcTBsr3Qq%2FZ6QUCIR3NPzN3vBa9eICYGBQ%2F%2BuFPNg3YtETqyt3UUAmjjthZ7BqZH82fT62XsJLB5gwDWaJQDIVlKDhDQQxFzlAMypsytk1b7svYutA%2Fy82z3Cp3slP28FSPv8S72FAn9cgTzSDqt1vNoN3vh4Fs91rdoCuFLwPVDiQs%2Fb812QfAbQ1bNGaP%2FvIHsolT5GcI%2BSFsfAhBT4O7J8GLEny9xFZaQurbLrMk1Q0dx5sNoRNk%2BSXkm7Wd%2BJQ9NqXSHty%2B70WFKZGZEjfoLsNa%2FPHuNV2wvWu6sOzb1SynhLb4xDbXc56rB798TW0W2sjlRTv64iUxASblrTeVzVd4Kilds%2ByrBZJSmSVthGLfL9u3VXjV2fUFZ1KXrVx9eWk5yYyylnRagdPx2qcQNGaXHu9N%2F8MTq5%2BDTAXjSiTuXCGQriCybdjsomc1g4kv7mHGULhy1zTDi%2BbEA%2FGF1OBhuWN%2FhKUSuWX%2FAgAA%2F%2F8BAAD%2F%2F%2B8%2BlpVUBAAA&ap=${AUCTION_PRICE}&l=3438255&sub3=1655432523&pid=91283&sub2=icon&auid=23efea5923432eafac65b8e10b02578c&icon=https://cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg HTTP/1.1 
Host: upsidejolly.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.243.61.227
HTTP/1.1 307 Temporary Redirect
                                        
Server: nginx/1.22.0
Date: Fri, 17 Jun 2022 02:22:06 GMT
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://cdn.cloudimagesb.com/cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 87d1e0caa012eaf26fc7bd25026776f3
Strict-Transport-Security: max-age=0; includeSubdomains


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "254773DFDF1027A91208650B4686BA7B8C193144CF7D62A47F5C57BC3F67A942"
Last-Modified: Wed, 15 Jun 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14690
Expires: Fri, 17 Jun 2022 06:26:56 GMT
Date: Fri, 17 Jun 2022 02:22:06 GMT
Connection: keep-alive

                                        
                                            GET /cti/34/74/d7/3474d78aff0bf2df5207c5e1bcb89147/1591703087.jpg HTTP/1.1 
Host: cdn.cloudimagesb.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         45.133.44.10
HTTP/2 200 OK
                                        
date: Fri, 17 Jun 2022 02:22:06 GMT
content-type: image/jpeg
content-length: 33103
server: nginx/1.17.6
last-modified: Tue, 09 Jun 2020 11:44:50 GMT
etag: "5edf7632-814f"
expires: Sun, 19 Jun 2022 02:22:06 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2019 (Windows), datetime=2020:05:18 19:19:17], baseline, precision 8, 200x200, components 3\012- data
Size:   33103
Md5:    70cf8250da1a25a7b445231428af7828
Sha1:   a849d338423d2919949340838c768bba90b9081c
Sha256: b7060bc46dc459a00d4124523a26f0cbf31fba31d41fccae9f82bedaf22c1186
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "044D0AB92AEB828269BBFD9187962DEF867EE517128EF04332221E3E2422AC70"
Last-Modified: Thu, 16 Jun 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15910
Expires: Fri, 17 Jun 2022 06:47:18 GMT
Date: Fri, 17 Jun 2022 02:22:08 GMT
Connection: keep-alive

                                        
                                            GET /sbar.json?key=ca6621f64bcdfd0a5aa2af7c57675832&uuid=2e0820cc-06b2-4b1c-8098-a8c60626a055%3A1%3A1 HTTP/1.1 
Host: exchangediscreditmast.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www109.zippyshare.com
Connection: keep-alive
Referer: https://www109.zippyshare.com/
Cookie: u_pl=15255681; uid_id2=2e0820cc-06b2-4b1c-8098-a8c60626a055:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         192.243.59.20
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
                                        
Server: nginx/1.17.9
Date: Fri, 17 Jun 2022 02:22:09 GMT
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www109.zippyshare.com
Access-Control-Allow-Origin: https://www109.zippyshare.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=2e0820cc-06b2-4b1c-8098-a8c60626a055:1:1; expires=Fri, 24 Jun 2022 02:22:09 GMT; secure; SameSite=None uncs=2; expires=Sat, 18 Jun 2022 02:22:09 GMT; secure; SameSite=None uncs29=2; expires=Sat, 18 Jun 2022 02:22:09 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2daae13a9688d1925749f18346f40e38
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (5727), with no line terminators
Size:   4126
Md5:    1ac6d9449b65863d755fd0d5d5d3d5d6
Sha1:   0bed1f42640a020d1895b86f0590d8b405000264
Sha256: ddf25cfb0b874c2b73d434e185eed4d014e5377fcc13f5c7110556105a3b0997

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /ren.gif?sid=(...) HTTP/1.1
Host: exchangediscreditmast.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www109.zippyshare.com/
Cookie: u_pl=15255681; uid_id2=2e0820cc-06b2-4b1c-8098-a8c60626a055:1:1; pdhtkv=true; uncs=2; pdhtkv29=true; uncs29=2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.243.59.20
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.17.9
Date: Fri, 17 Jun 2022 02:22:09 GMT
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5f47598a8220cf0de29a23c5ddb6ce57
Strict-Transport-Security: max-age=0; includeSubdomains


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   7
Md5:    132d6af1b46048b45cf86cdee7991d31
Sha1:   eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
Sha256: ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 344
ETag: "11DB7B71D95B026D79DE4D0FBC9FE4EE3B14E8C07E48F25F56EE99D3506BF760"
Last-Modified: Thu, 16 Jun 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2850
Expires: Fri, 17 Jun 2022 03:09:39 GMT
Date: Fri, 17 Jun 2022 02:22:09 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 344
ETag: "11DB7B71D95B026D79DE4D0FBC9FE4EE3B14E8C07E48F25F56EE99D3506BF760"
Last-Modified: Thu, 16 Jun 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2850
Expires: Fri, 17 Jun 2022 03:09:39 GMT
Date: Fri, 17 Jun 2022 02:22:09 GMT
Connection: keep-alive

                                        
                                            GET /sb/notifications/software/us/norton/1/img/bg.jpg HTTP/1.1 
Host: cdn.sb4you1.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         172.67.183.56
HTTP/2 200 OK
                                        
date: Fri, 17 Jun 2022 02:22:09 GMT
content-type: image/jpeg
content-length: 58368
last-modified: Wed, 17 Feb 2021 11:45:02 GMT
etag: "602d01be-e400"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 871969
accept-ranges: bytes
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FG1zCdI3RJedvi%2BjeX178ZpHyS4cGSR%2BdKvgr6Ccu8WfZBb8DbxnMx55%2BppcmOF2C2dLWVYZlHiVEnlvrtQ6kwzJUVSdAZTxIcuWUkOc1Uw4x39uP%2BNI789vNv3IAmKdVyU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 71c850dde8430b49-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=250, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=970], progressive, precision 8, 970x250, components 3\012- data
Size:   58368
Md5:    93db86920aaf5aa1cb2f1b727b06dfe8
Sha1:   bce81c9da296929263f7ec1e606616a97ab42b9d
Sha256: d67bdc40107fb5f7db687092375adbce71dcf6faec40d1c5c9c50c3c9e6d5ca7
                                        
                                            GET /sb/notifications/software/us/norton/1/img/close.png HTTP/1.1 
Host: cdn.sb4you1.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         172.67.183.56
HTTP/2 200 OK
                                        
date: Fri, 17 Jun 2022 02:22:09 GMT
content-type: image/png
content-length: 1778
last-modified: Wed, 17 Feb 2021 11:45:01 GMT
etag: "602d01bd-6f2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 7552312
accept-ranges: bytes
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JgcgHMN6%2FmUhmi5yoCkzAem9JMXwxdzL2mPZkRVYCS%2FMUdOyEL%2BsMojLukSJqld2m23B2j3HunCZpK6hPncc36NWcT4Ogo3eLUGsITBw1EWZnociE1Q24khcB4W3Q8ytjSw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 71c850dde8450b49-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced\012- data
Size:   1778
Md5:    c1b8f53c3afa0fdd5be48e6bfdbbb6fa
Sha1:   eeb2cd8d17e3abe135865be77330b8519f6bceb2
Sha256: 8f5d7d0bf69b5fcb8a110dd7c79948e70c860440b6ecc803a20ababe193a1af0
                                        
                                            GET /pixel/sbls?bv=22.2.6607&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F1%2Findex.html&l=804&fd=272 HTTP/1.1 
Host: exchangediscreditmast.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www109.zippyshare.com/
Cookie: u_pl=15255681; uid_id2=2e0820cc-06b2-4b1c-8098-a8c60626a055:1:1; pdhtkv=true; uncs=2; pdhtkv29=true; uncs29=2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.243.59.20
HTTP/1.1 200 OK
                                        
Server: nginx/1.17.9
Date: Fri, 17 Jun 2022 02:22:09 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 344
ETag: "11DB7B71D95B026D79DE4D0FBC9FE4EE3B14E8C07E48F25F56EE99D3506BF760"
Last-Modified: Thu, 16 Jun 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2850
Expires: Fri, 17 Jun 2022 03:09:39 GMT
Date: Fri, 17 Jun 2022 02:22:09 GMT
Connection: keep-alive